The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 11 July 2006. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-12 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-12 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [ ] All b) [ ] Some * c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 07/11/06 have been fully considered and are persuasive. 
However, claims are rejected with newly found art. 

Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 1-6 are rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. The claims as recited do not produce a final tangible result. 
Instead the claims disclose an algorithm that has a final result of scanning the results of the 
interpretation for the presence of proscribed code, however there is no tangible result from the 
scanning step. 

Claim Rejections - 35 USC § 103 

Claims 1-4 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jordan 
(2002/0073323 A1) in view of Davidson. 

In reference to claims 1 and 6, Jordan discloses a system and method for detecting 
computer viruses that attempt to gain access to restricted computer (abstract). The method 
includes writing the results and scanning the results for the presence of proscribed code (page 3 
paragraph 0028). 



Application/Control Number: 09/838,979 Page 3 

Art Unit: 2135 

Jordan does not expressly disclose interpreting code using an interpreter (page 3 
paragraph 0028). 

Davidson discloses an interpreter that interprets code; and writes the interpreter results to 
the stack evaluatively (Figure 1 in combination with Section 3.2.2 paragraph 4). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to interpret the code using an interpreter as in Davidson in the system of Jordan. 
One of ordinary skill in the art would have been motivated to do this because it would provide 
debugging and performance analysis tools (Davidson Abstract). 

In reference to claim 2, wherein scanning the results of said interpretation for the 
presence of proscribed code further comprises scanning for the presence of code of interest. 
Jordan discloses detecting modification of memory (page 3 paragraph 0027) and therefore code 
of interest. 

In reference to claim 3, wherein the first scanning step for the presence of code of interest 
further comprises scanning for a file open command or a file modify command. Jordan discloses 
detecting modification of memory (page 3 paragraph 0027). Modifying a file will modify 
memory. 

In reference to claim 4, wherein the step of scanning further comprising a second 
scanning step for the presence of proscribed code of interest. Jordan discloses detecting 
modification of memory (page 3 paragraph 0027), the access of memory includes accessing 
restricted computer system resources; this is the presence of proscribed code. 
Claims 5, 7-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jordan in 
view of Davidson as applied to claims 1 and 4 respectively above, and further in view of Shieh et 
al. (5,278,901). 

In reference to claim 7, the claim is rejected as in claim 1: Jordan discloses a system and method for detecting 
computer viruses that attempt to gain access to restricted computer (abstract). The method 
includes interpreting code (emulator) that emulates the executable code (page 3 paragraph 0028), 
a reporter and a results evaluator (page 3 paragraph 0028), whereby the file is interpreted by the 
emulator and results are generated, those results are sent to the evaluator (detector), which determines if 
malicious code is present, and then the results are reported. However, Jordan does not expressly 
disclose a pattern analyzer. 

However Shieh discloses a pattern-oriented system and method of intrusion detection 
(column 4 lines 9-22). The pattern-oriented system is used to detect virus propagation (column 
16 lines 31 to column 17 line 30); therefore the pattern analyzer reviews patterns for the presence 
of proscribed code. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add a pattern analyzer for intrusion detection as in the system by 
Shieh in the system of Jordan. One of ordinary skill in the art would have been motivated to do 
this because patterns are a simple way of defining deviation from the normal operation of the 
system. 

Jordan does not expressly disclose interpreting code using an interpreter (page 3 
paragraph 0028). 




Davidson discloses an interpreter that interprets code; and writes the interpreter results to 
the stack evaluatively (Figure 1 in combination with Section 3.2.2 paragraph 4). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to interpret the code using an interpreter as in Davidson in the system of Jordan. 
One of ordinary skill in the art would have been motivated to do this because it would provide 
debugging and performance analysis tools (Davidson Abstract). 

In reference to claim 5, Jordan does not expressly disclose a system wherein the second 
scanning step for the presence of proscribed code of interest further comprises scanning for viral 
code or viral patterns. 

However Shieh discloses a pattern-oriented system and method of intrusion detection 
(column 4 lines 9-22). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use pattern detection for intrusion detection as in the system by Shieh in the 
system of Jordan. One of ordinary skill in the art would have been motivated to do this because 
patterns are a simple way of defining deviation from the normal operation of the system. 

In reference to claim 8, wherein the step of scanning further comprising a first scanning 
step for the presence of code of interest. Jordan discloses detecting modification of memory 
(page 3 paragraph 0027) and therefore code of interest. 

In reference to claim 9, wherein the first scanning step for the presence of code of interest 
further comprises scanning for a file open command or a file modify command. Jordan discloses 
detecting modification of memory (page 3 paragraph 0027). Modifying a file will modify 
memory. 
In reference to claims 10-12, Jordan does not expressly disclose the pattern analyzer 
further reviews said code for the presence of code of interest. 

Shieh discloses the pattern analyzer reviews code for the presence of problems, or code 
of interest (column 4 line 60 to column 5 line 11). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use pattern detection for code of interest as in the system by Shieh in the system 
of Jordan. One of ordinary skill in the art would have been motivated to do this because patterns 
are a simple way of defining deviation from the normal operation of the system. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thu 9:30 a.m. to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 







HOSUK SONG 
PRIMARY EXAMINER 

PWK 

Monday, October 02, 2006 



